What strategies can improve work relations with cybersecurity vendors, particularly during the buying process, and what is essential for maintaining a positive relationship after acquiring the product?


2.4k views, 2 Upvotes, 3 Comments

CISO in Finance (non-banking), 10,001+ employees
Scope of work of the product and services must be frozen and discussed in detail with vendors, and their buy-in must be taken. There has to be clear and transparent communication with the vendors, even if the product has limitations which cannot fulfill the need of the organization. Reasonable time must be given to them to demonstrate their product capabilities and respond to the RFPs. Use cases must be discussed and finalized as part of product evaluation to avoid confusion at a later stage and give them a fair idea of the overall purchase process of the organization. Appropriate feedback must be given after the product is evaluated. 3 criteria must be there as part of the evaluation, which include quality of the product, security of the product and technical support. Regular review of the solution must be done with vendors after the product is implemented, and positive and negative aspects must be highlighted. Payment terms and conditions must be discussed and frozen. The organization can allow the vendor to use it as a customer reference depending upon the agreement or consent.
1
Director of IT in Software, 201 - 500 employees
There are a few key points and strategies from my experience:

- scope of work should be planned exactly and in detail, as well as KPIs to measure achievement of goals
- goals should be set realistically
- during the buying process you should have well-defined criteria to choose a vendor; we usually use a weighted scoring table to have it also well documented
- you need to check overall costs (TCO); it is especially important how much it will cost you to add additional seats or features for the cybersecurity products or services you are buying
- you must check integration possibilities with other solutions or products which you might use
- it is extremely important to have a well-defined support process, path of escalation of problems and issues
- define a process for emergency situations. If you have a zero-day attack or vulnerability, the time to react and take necessary measures is critical
- you should have a nominated person on the vendor's side who is your primary contact for all activities
- you must have regular communications and meetings with the vendor to check open topics, problems or issues which might arise, bugs on the vendor side etc.
1
Director of IT in Healthcare and Biotech, 1,001 - 5,000 employees
I'll try to give a pragmatic answer that will hopefully be beneficial to both sides.

Customers - it's helpful to do some homework about the product before any sales calls or RFPs. Review their website or ask for some product materials. It will make for a more meaningful and informed discussion. Be clear about your objectives and the business/security challenges you are trying to solve.

Vendors - one common complaint I hear from peers is not listening. There have been many times where a vendor has tried to sell me something without even asking what problems I'm trying to solve. Take time to understand what the customer is looking for. Be honest about what your product can and can't do. How can your product address the specific needs mentioned?

Resellers - the right reseller can really help navigate the buying process, but a bad reseller can make things way more complicated than they need to be. I've had the privilege to work with some great ones, but also very poor ones as well. The good ones have always invested the time to understand the needs of the customer. The bad ones have usually just tried to push products whether they were suitable or not.
1
